[Qemu-commits] [qemu/qemu] d2ba7e: cirrus_vga: fix off-by-one in blit

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] d2ba7e: cirrus_vga: fix off-by-one in blit_re

From:	GitHub
Subject:	[Qemu-commits] [qemu/qemu] d2ba7e: cirrus_vga: fix off-by-one in blit_region_is_unsaf...
Date:	Tue, 01 Mar 2016 03:30:06 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: d2ba7ecb348d3b996fcd920cf1ca7b72722c1dfd
      
https://github.com/qemu/qemu/commit/d2ba7ecb348d3b996fcd920cf1ca7b72722c1dfd
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-03-01 (Tue, 01 Mar 2016)

  Changed paths:
    M hw/display/cirrus_vga.c

  Log Message:
  -----------
  cirrus_vga: fix off-by-one in blit_region_is_unsafe

The "max" value is being compared with >=, but addr + width points to
the first byte that will _not_ be copied.  Laszlo suggested using a
"greater than" comparison, instead of subtracting one like it is
already done above for the height, so that max remains always positive.

The mistake is "safe"---it will reject some blits, but will never cause
out-of-bounds writes.

Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 05fa1c742fd6f66978b989ded0dd981ef11c4a0c
      
https://github.com/qemu/qemu/commit/05fa1c742fd6f66978b989ded0dd981ef11c4a0c
  Author: Gerd Hoffmann <address@hidden>
  Date:   2016-03-01 (Tue, 01 Mar 2016)

  Changed paths:
    M hw/display/qxl.c

  Log Message:
  -----------
  qxl: lock current_async update in qxl_soft_reset

This should fix a defect report from Coverity.

Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>


  Commit: d9c7737e57d1c5d8505d09b2803ca140875c9657
      
https://github.com/qemu/qemu/commit/d9c7737e57d1c5d8505d09b2803ca140875c9657
  Author: Peter Maydell <address@hidden>
  Date:   2016-03-01 (Tue, 01 Mar 2016)

  Changed paths:
    M hw/display/cirrus_vga.c
    M hw/display/qxl.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160301-1' into 
staging

vga: minor cirrus/qxl bugfixes.

# gpg: Signature made Tue 01 Mar 2016 07:16:22 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"

* remotes/kraxel/tags/pull-vga-20160301-1:
  qxl: lock current_async update in qxl_soft_reset
  cirrus_vga: fix off-by-one in blit_region_is_unsafe

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/9c74a853048f...d9c7737e57d1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] d2ba7e: cirrus_vga: fix off-by-one in blit_region_is_unsaf..., GitHub <=

Prev by Date: [Qemu-commits] [qemu/qemu] 7725b8: block/nfs: add support for setting debug level
Next by Date: [Qemu-commits] [qemu/qemu] f2c1d5: console: add & use qemu_console_lookup_by_device_n...
Previous by thread: [Qemu-commits] [qemu/qemu] 7725b8: block/nfs: add support for setting debug level
Next by thread: [Qemu-commits] [qemu/qemu] f2c1d5: console: add & use qemu_console_lookup_by_device_n...
Index(es):
- Date
- Thread